[Bug 61448] Cluster StaticMember (McastService:Required property "tcpListenPort" is missing)
https://bz.apache.org/bugzilla/show_bug.cgi?id=61448

--- Comment #2 from Keiichi Fujino ---
If you want to use static cluster membership, you do not need to use McastService. So you should set channelStartOptions = "3".

--
You are receiving this mail because: You are the assignee for the bug.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Regression with PKCS11 KeyStores?
Hello, Tomcat devs;

I have detected what appears to be a regression in 8.5.20 with JSSE keystores since 8.5.16. With my limited understanding I'm unable to pinpoint the exact cause to a certainty after poking around a bit, so I thought I'd pass what info I have along and get some thoughts.

Below is the error message I am getting:

21-Aug-2017 15:01:57.989 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[Http11Nio2ProtocolCryptovault-25005 ]]
 org.apache.catalina.LifecycleException: Failed to initialize component [Connector[Http11Nio2ProtocolCryptovault-25005]]
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:607)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:630)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:311)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:494)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:999)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    ... 12 more
Caused by: java.lang.IllegalArgumentException: java.security.KeyStoreException: Cannot get key bytes, not PKCS#8 encoded
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:85)
    at org.apache.tomcat.util.net.Nio2Endpoint.bind(Nio2Endpoint.java:163)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:982)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:244)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:620)
    at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:66)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:997)
    ... 13 more
Caused by: java.security.KeyStoreException: Cannot get key bytes, not PKCS#8 encoded
    at sun.security.provider.KeyProtector.protect(KeyProtector.java:174)
    at sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:267)
    at sun.security.provider.JavaKeyStore$JKS.engineSetKeyEntry(JavaKeyStore.java:56)
    at sun.security.provider.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:117)
    at sun.security.provider.JavaKeyStore$DualFormatJKS.engineSetKeyEntry(JavaKeyStore.java:70)
    at java.security.KeyStore.setKeyEntry(KeyStore.java:1140)
    at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:226)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:112)
    ... 20 more

I did notice that because of the revision mentioned above (to JSSEUtil.java), KeyStore objects that aren't PEM encoded are loaded as an in-memory JKS keystore and a call to setKeyEntry is made. I may be wrong, but I think this is causing the failure. The hint I had to go from is that the documentation for the second form of setKeyEntry requires the key bytes to be PKCS8 encoded since this underlying keystore is JKS[1]... but we cannot guarantee that the getKey[2] call returned a Key that is PKCS8 encoded. With the implementation I am using, it's unclear what the encoding is for the Key object, but since PKCS11 is a common interface for hardware crypto, I'm sure many different types (or none at all) are possible.

Looking into the source for engineSetKeyEntry(String alias, byte[] key, Certificate[] chain), I see that a call to protect() is made which does the check for PKCS8 encoding. This appears to explain the exception.

Unfortunately... I'm not sure where to go from there (if that even is the issue). It wouldn't help to switch to setKeyEntry(String alias, byte[] key, Certificate[] chain) since that also has the same PKCS8 encoding requirement. I also don't think it would be possible to obtain the raw key bytes since a hardware crypto device would certainly block such an operation and it would be out
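The failure described in the message above can be reproduced without a hardware token. The following is an added example, not code from the original message or from Tomcat: TokenKey and PlaceholderCert are constructed stand-ins (a key that exposes no encoding, as a non-extractable token key is assumed to, and a certificate that only fills the chain argument), and the alias and password are arbitrary.

```java
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;

public class NonExportableKeyDemo {

    // Constructed stand-in for a key held on a PKCS#11 token (assumption):
    // the provider hands out a handle, so no format and no encoded bytes.
    static final class TokenKey implements PrivateKey {
        private static final long serialVersionUID = 1L;
        @Override public String getAlgorithm() { return "RSA"; }
        @Override public String getFormat() { return null; }
        @Override public byte[] getEncoded() { return null; }
    }

    // Constructed placeholder so the chain argument is non-empty.
    // It is never parsed or validated in this example.
    static final class PlaceholderCert extends Certificate {
        private static final long serialVersionUID = 1L;
        PlaceholderCert() { super("X.509"); }
        @Override public byte[] getEncoded() { return new byte[0]; }
        @Override public void verify(PublicKey key) { }
        @Override public void verify(PublicKey key, String sigProvider) { }
        @Override public String toString() { return "placeholder certificate"; }
        @Override public PublicKey getPublicKey() { return null; }
    }

    // The precondition a JKS store needs before it can wrap a private key:
    // the key must be able to hand over PKCS#8 bytes.
    static boolean isExportable(Key key) {
        return "PKCS#8".equalsIgnoreCase(key.getFormat()) && key.getEncoded() != null;
    }

    // Copy one key entry into a fresh in-memory JKS store, the operation the
    // stack trace shows failing inside KeyStore.setKeyEntry.
    static String copyIntoJks(PrivateKey key, Certificate[] chain) throws Exception {
        KeyStore inMemory = KeyStore.getInstance("JKS");
        inMemory.load(null, null);
        try {
            inMemory.setKeyEntry("tomcat", key, "changeit".toCharArray(), chain);
            return "stored";
        } catch (KeyStoreException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        Certificate[] chain = { new PlaceholderCert() };

        // A software key generated by the default provider exposes PKCS#8 bytes.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        PrivateKey softwareKey = kpg.generateKeyPair().getPrivate();

        PrivateKey tokenKey = new TokenKey();

        for (PrivateKey key : new PrivateKey[] { softwareKey, tokenKey }) {
            System.out.printf("%s: format=%s exportable=%b copy=%s%n",
                    key.getClass().getSimpleName(), key.getFormat(),
                    isExportable(key), copyIntoJks(key, chain));
        }
    }
}
```

A check like isExportable() before any copy lets code fall back to using the source KeyStore directly when the key material cannot leave its provider.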
Re: Config warning when using OpenSSL config items and useOpenSSL=true
On 21.08.2017 at 20:01, Mark Thomas wrote:
> On 19/08/17 22:44, Rainer Jung wrote:
>> Assume tcnative and OpenSSL is available.
>>
>> When using the AprLifecycleListener with useOpenssl="true" (default) and useAprConnector="false" (also default) with a Java NIO or NIO2 connector and *not* setting the sslImplementationName one gets warnings for each config item which is OpenSSL only.
>>
>> Since with these (default) settings the connector uses OpenSSL the warnings don't make sense.
>>
>> The reason is, that the config is checked very early, especially before the AprLifecycleListener kicks in and sets the sslImplementationName to OpenSSL.
>
> I can't reproduce this. Can you provide the configuration you are using?
>
>> I do not have a good idea how to fix this. It is not related to my commits of today.
>>
>> Example message:
>>
>> WARNING [main] org.apache.tomcat.util.net.SSLHostConfig.setConfigType The property [disableCompression] was set on the SSLHostConfig named [_default_] and is for connectors of type [OPENSSL] but the SSLHostConfig is being used with a connector of type [JSSE]
>
> That message might need more careful wording since it isn't the connector type, it is the configuration style. You can use either configuration style (JSSE or OpenSSL) with either implementation (JSSE or OpenSSL). However, you can't mix the two configuration styles within a single SSLHostConfig.

Sorry for not being more specific. An example that works here:

- current trunk
- adjust server.xml as follows:

--- conf/server.xml 2017-08-21 22:05:12.706794000 +0200 +++ conf/server.xml 2017-08-21 22:10:27.472768000 +0200 @@ -85,14 +85,17 @@ the SSLImplementation selected. JSSE style configuration is used below. --> protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true"> - - ++ certificateFile="/path/to/test-ca/certs/localhost-rsa-cert.pem" + certificateKeyFile="/path/to/test-ca/keys/localhost-rsa-key.pem" + certificateChainFile="/path/to/test-ca/certs/localhost-rsa-chain.pem" type="RSA" /> --->
Re: Config warning when using OpenSSL config items and useOpenSSL=true
On 19/08/17 22:44, Rainer Jung wrote:
> Assume tcnative and OpenSSL is available.
>
> When using the AprLifecycleListener with useOpenssl="true" (default) and
> useAprConnector="false" (also default) with a Java NIO or NIO2 connector
> and *not* setting the sslImplementationName one gets warnings for each
> config item which is OpenSSL only.
>
> Since with these (default) settings the connector uses OpenSSL the
> warnings don't make sense.
>
> The reason is, that the config is checked very early, especially before
> the AprLifecycleListener kicks in and sets the sslImplementationName to
> OpenSSL.

I can't reproduce this. Can you provide the configuration you are using?

> I do not have a good idea how to fix this. It is not related to my
> commits of today.
>
> Example message:
>
> WARNING [main] org.apache.tomcat.util.net.SSLHostConfig.setConfigType
> The property [disableCompression] was set on the SSLHostConfig named
> [_default_] and is for connectors of type [OPENSSL] but the
> SSLHostConfig is being used with a connector of type [JSSE]

That message might need more careful wording since it isn't the connector type, it is the configuration style. You can use either configuration style (JSSE or OpenSSL) with either implementation (JSSE or OpenSSL). However, you can't mix the two configuration styles within a single SSLHostConfig.

Kind regards,

Mark
[Bug 48655] Active multipart downloads prevent tomcat shutdown.
https://bz.apache.org/bugzilla/show_bug.cgi?id=48655

Mark Thomas changed:

What       |Removed |Added
Resolution |---     |FIXED
Status     |NEW     |RESOLVED

--- Comment #3 from Mark Thomas ---
In the current code at least, this appears to have been an issue in Tomcat rather than the native library.

Fixed in:
- trunk for 9.0.0.M27 onwards
- 8.5.x for 8.5.21 onwards
- 8.0.x for 8.0.47 onwards
- 7.0.x for 7.0.82 onwards
svn commit: r1805655 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/tomcat/util/net/AprEndpoint.java webapps/docs/changelog.xml
Author: markt
Date: Mon Aug 21 17:03:28 2017
New Revision: 1805655

URL: http://svn.apache.org/viewvc?rev=1805655&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=48655
Enable Tomcat to shutdown cleanly when using sendfile, the APR/native connector and a multi-part download is in progress.

Modified:
    tomcat/tc7.0.x/trunk/ (props changed)
    tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
    tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc7.0.x/trunk/
-- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Aug 21 17:03:28 2017
svn commit: r1805654 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/tomcat/util/net/AprEndpoint.java webapps/docs/changelog.xml
Author: markt
Date: Mon Aug 21 17:01:24 2017
New Revision: 1805654

URL: http://svn.apache.org/viewvc?rev=1805654&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=48655
Enable Tomcat to shutdown cleanly when using sendfile, the APR/native connector and a multi-part download is in progress.

Modified:
    tomcat/tc8.0.x/trunk/ (props changed)
    tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
    tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.0.x/trunk/
-- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Aug 21 17:01:24 2017
svn commit: r1805653 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/tomcat/util/net/AprEndpoint.java webapps/docs/changelog.xml
Author: markt
Date: Mon Aug 21 17:00:48 2017
New Revision: 1805653

URL: http://svn.apache.org/viewvc?rev=1805653&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=48655
Enable Tomcat to shutdown cleanly when using sendfile, the APR/native connector and a multi-part download is in progress.

Modified:
    tomcat/tc8.5.x/trunk/ (props changed)
    tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
    tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.5.x/trunk/
-- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Aug 21 17:00:48 2017
svn commit: r1805652 - in /tomcat/trunk: java/org/apache/tomcat/util/net/AprEndpoint.java webapps/docs/changelog.xml
Author: markt
Date: Mon Aug 21 16:59:56 2017
New Revision: 1805652

URL: http://svn.apache.org/viewvc?rev=1805652&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=48655
Enable Tomcat to shutdown cleanly when using sendfile, the APR/native connector and a multi-part download is in progress.

Modified:
    tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1805652&r1=1805651&r2=1805652&view=diff
== --- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Mon Aug 21 16:59:56 2017 @@ -2002,7 +2002,7 @@ public class AprEndpoint extends Abstrac 0, data.fdpool); // Set the socket to nonblocking mode Socket.timeoutSet(data.socket, 0); -while (true) { +while (sendfileRunning) { long nw = Socket.sendfilen(data.socket, data.fd, data.pos, data.length, 0); if (nw < 0) {

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1805652&r1=1805651&r2=1805652&view=diff
== --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Mon Aug 21 16:59:56 2017 @@ -112,6 +112,11 @@ renegotiation. (markt) +48655: Enable Tomcat to shutdown cleanly when using sendfile, +the APR/native connector and a multi-part download is in progress. +(markt) + + 58244: Handle the case when OpenSSL resumes a TLS session using a ticket and the full client certificate chain is not available. In this case the client certificate without the chain will be presented
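Review bot: In the AprEndpoint.java hunk, `while (sendfileRunning)` can now leave the loop with the transfer only partly written, and nothing in the visible context shows how the code after the loop treats that case. Please confirm the early exit is handled as an aborted send, with data.socket closed and data.fdpool released, rather than as a completed one, and that sendfileRunning is safely visible to this thread if another thread clears it at shutdown (volatile or equivalent). A one-line comment on the loop condition explaining why it is no longer `while (true)` would also help.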
[Bug 61448] Cluster StaticMember (McastService:Required property "tcpListenPort" is missing)
https://bz.apache.org/bugzilla/show_bug.cgi?id=61448

--- Comment #1 from Carlos ---
How to reproduce: Set up a cluster with one static member.

#server.xml:
[Bug 61448] New: Cluster StaticMember (McastService:Required property "tcpListenPort" is missing)
https://bz.apache.org/bugzilla/show_bug.cgi?id=61448

Bug ID: 61448
Summary: Cluster StaticMember (McastService:Required property "tcpListenPort" is missing)
Product: Tomcat 7
Version: 7.0.70
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Cluster
Assignee: dev@tomcat.apache.org
Reporter: carlosp...@gmail.com
Target Milestone: ---

Hello,

Cluster static members seem to fail since version 7.0.70 (also reproduced in 8.0.45, and is the same code than tomcat 9):

SEVERE: The required Server component failed to start so Tomcat is unable to start.
...
Caused by: org.apache.catalina.tribes.ChannelException: java.lang.IllegalArgumentException: McastService:Required property "tcpListenPort" is missing.; No faulty members identified.
    at org.apache.catalina.tribes.group.ChannelCoordinator.internalStart(ChannelCoordinator.java:200)
    at org.apache.catalina.tribes.group.ChannelCoordinator.start(ChannelCoordinator.java:100)
    at org.apache.catalina.tribes.group.ChannelInterceptorBase.start(ChannelInterceptorBase.java:162)
    at org.apache.catalina.tribes.group.interceptors.StaticMembershipInterceptor.start(StaticMembershipInterceptor.java:168)
    at org.apache.catalina.tribes.group.ChannelInterceptorBase.start(ChannelInterceptorBase.java:162)
    at org.apache.catalina.tribes.group.GroupChannel.start(GroupChannel.java:431)
    at org.apache.catalina.ha.tcp.SimpleTcpCluster.startInternal(SimpleTcpCluster.java:689)
    ... 15 more
Caused by: java.lang.IllegalArgumentException: McastService:Required property "tcpListenPort" is missing.
    at org.apache.catalina.tribes.membership.McastService.hasProperty(McastService.java:360)
    at org.apache.catalina.tribes.membership.McastService.start(McastService.java:379)
    at org.apache.catalina.tribes.group.ChannelCoordinator.internalStart(ChannelCoordinator.java:182)
    ... 21 more

The reason could be here:

$ diff -u apache-tomcat-7.0.69-src/java/org/apache/catalina/tribes/group/ChannelCoordinator.java apache-tomcat-7.0.70-src/java/org/apache/catalina/tribes/group/ChannelCoordinator.java.original
--- apache-tomcat-7.0.69-src/java/org/apache/catalina/tribes/group/ChannelCoordinator.java 2016-04-11 10:02:35.0 +0200 +++ apache-tomcat-7.0.70-src/java/org/apache/catalina/tribes/group/ChannelCoordinator.java.original 2016-06-15 18:45:51.0 +0200 @@ -26,6 +26,8 @@ import org.apache.catalina.tribes.MessageListener; import org.apache.catalina.tribes.UniqueId; import org.apache.catalina.tribes.membership.McastService; +import org.apache.catalina.tribes.membership.StaticMember; +import org.apache.catalina.tribes.transport.ReceiverBase; import org.apache.catalina.tribes.transport.ReplicationTransmitter; import org.apache.catalina.tribes.transport.SenderState; import org.apache.catalina.tribes.transport.nio.NioReceiver;
@@ -141,28 +143,49 @@ //listens to with the local membership settings if ( Channel.SND_RX_SEQ==(svc & Channel.SND_RX_SEQ) ) { clusterReceiver.setMessageListener(this); +if (clusterReceiver instanceof ReceiverBase) { +((ReceiverBase)clusterReceiver).setChannel(getChannel()); +} clusterReceiver.start(); //synchronize, big time FIXME - membershipService.setLocalMemberProperties(getClusterReceiver().getHost(), - getClusterReceiver().getPort(), - getClusterReceiver().getSecurePort(), - getClusterReceiver().getUdpPort()); +Member localMember = getChannel().getLocalMember(false); +if (localMember instanceof StaticMember) { +// static member +StaticMember staticMember = (StaticMember)localMember; +staticMember.setHost(getClusterReceiver().getHost()); +staticMember.setPort(getClusterReceiver().getPort()); + staticMember.setSecurePort(getClusterReceiver().getSecurePort()); +} else { +// multicast member + membershipService.setLocalMemberProperties(getClusterReceiver().getHost(), +getClusterReceiver().getPort(), +getClusterReceiver().getSecurePort(), +getClusterReceiver().getUdpPort()); + +} valid = true; } It seems to me that it's always necessary to initialize membershipService, maybe something like that (untested): ---
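Review bot: In the second ChannelCoordinator.java hunk, the `localMember instanceof StaticMember` branch copies host, port and securePort from the receiver but skips both getUdpPort() and the membershipService.setLocalMemberProperties(...) call that the else branch keeps. If a membership service is still started for a channel whose local member is static, it never receives its local member properties on this path, which is consistent with the missing "tcpListenPort" error in the report. Either document that a static local member must not be combined with starting the membership service, or call setLocalMemberProperties in both branches.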
[Bug 48655] Active multipart downloads prevent tomcat shutdown.
https://bz.apache.org/bugzilla/show_bug.cgi?id=48655

Mark Thomas changed:

What   |Removed  |Added
Status |NEEDINFO |NEW

--- Comment #2 from Mark Thomas ---
I can re-create this with Tomcat trunk, Tomcat Native trunk and the "Download them all" add-on for Firefox. Stopping Tomcat in the middle of a large download triggered a JVM crash. Not a major problem since Tomcat was stopping anyway but it would be better to shutdown cleanly.
[Bug 61437] 8.0.46: Websockets examples failure with AccessControlException "accessClassInPackage.org.apache.catalina.webresources"
https://bz.apache.org/bugzilla/show_bug.cgi?id=61437

Mark Thomas changed:

What       |Removed |Added
Resolution |---     |FIXED
Status     |NEW     |RESOLVED

--- Comment #3 from Mark Thomas ---
Good catch.

Fixed in:
- 8.0.x for 8.0.47 onwards
svn commit: r1805649 - in /tomcat/tc8.0.x/trunk: java/org/apache/catalina/security/SecurityClassLoad.java webapps/docs/changelog.xml
Author: markt Date: Mon Aug 21 16:02:15 2017 New Revision: 1805649 URL: http://svn.apache.org/viewvc?rev=1805649=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61437 Fix a possible AccessControlException accessing the WebSocket examples when running under a SecurityManager. Modified: tomcat/tc8.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc8.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java?rev=1805649=1805648=1805649=diff == --- tomcat/tc8.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java (original) +++ tomcat/tc8.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java Mon Aug 21 16:02:15 2017 @@ -47,6 +47,7 @@ public final class SecurityClassLoad { loadSessionPackage(loader); loadUtilPackage(loader); loadValvesPackage(loader); +loadWebResourcesPackage(loader); loadJavaxPackage(loader); loadConnectorPackage(loader); loadTomcatPackage(loader); @@ -164,6 +165,13 @@ public final class SecurityClassLoad { } +private static final void loadWebResourcesPackage(ClassLoader loader) +throws Exception { +final String basePackage = "org.apache.catalina.webresources."; +loader.loadClass(basePackage + "WarResourceSet"); +} + + private static final void loadCoyotePackage(ClassLoader loader) throws Exception { final String basePackage = "org.apache.coyote."; Modified: tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml?rev=1805649=1805648=1805649=diff == --- tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Mon Aug 21 16:02:15 2017 
@@ -57,6 +57,11 @@ running under a SecurityManager and using Subject.doAs(). (markt) + +61437: Fix a possible AccessControlException +accessing the WebSocket examples when running under a +SecurityManager. (markt) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
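Review bot: loadWebResourcesPackage() in SecurityClassLoad.java preloads WarResourceSet without any comment saying why this one class from org.apache.catalina.webresources has to be loaded early, so the link to bug 61437 exists only in the commit log. The changelog entry talks about the WebSocket examples while the code change is in the web resources package, and nothing in the hunk connects the two. A short comment in the method that cites the bug and names the code path that hit the AccessControlException would make it clear to the next maintainer whether other classes in the package need the same treatment.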
[Bug 61447] Link is 404
https://bz.apache.org/bugzilla/show_bug.cgi?id=61447

--- Comment #2 from Mark Thomas ---
Reported to the infra team: https://issues.apache.org/jira/browse/INFRA-14921
[Bug 61447] Link is 404
https://bz.apache.org/bugzilla/show_bug.cgi?id=61447

Mark Thomas changed:

What       |Removed |Added
OS         |        |All
Resolution |---     |INVALID
Status     |NEW     |RESOLVED

--- Comment #1 from Mark Thomas ---
Probably a broken mirror. That happens from time to time. Please choose a different mirror. All the ones I tested worked.
[Bug 61424] Obtaining a StackOverflowError when running Tomcat 8.5 or 9 with SecurityManager, a javax.management.remote.JMXPrincipal entry is present in catalina.policy file and Subject.doAs method is
https://bz.apache.org/bugzilla/show_bug.cgi?id=61424

Mark Thomas changed:

What       |Removed |Added
Resolution |---     |FIXED
Status     |NEW     |RESOLVED
OS         |        |All

--- Comment #1 from Mark Thomas ---
Thanks for the report. There was a targeted fix that handled a similar case that I have converted to a more general fix. I also back-ported the fix to 8.0.x since the more general may also be useful there.

Fixed in:
- trunk for 9.0.0.M27 onwards
- 8.5.x for 8.5.21 onwards
- 8.0.x for 8.0.47 onwards
svn commit: r1805647 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/loader/WebappClassLoaderBase.java webapps/docs/changelog.xml
Author: markt Date: Mon Aug 21 15:27:48 2017 New Revision: 1805647 URL: http://svn.apache.org/viewvc?rev=1805647=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61424 The trick to avoid the relatively slow ClassNotFoundException has another (possible) edge case that can trigger a StackOverflowError. Switch to a general fix that handles the known edge cases and should handle as yet unknown edge cases. Modified: tomcat/tc8.0.x/trunk/ (props changed) tomcat/tc8.0.x/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc8.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Aug 21 15:27:48 2017 
svn commit: r1805646 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/catalina/loader/WebappClassLoaderBase.java webapps/docs/changelog.xml
Author: markt Date: Mon Aug 21 15:25:31 2017 New Revision: 1805646 URL: http://svn.apache.org/viewvc?rev=1805646=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61424 The trick to avoid the relatively slow ClassNotFoundException has another edge case that can trigger a StackOverflowError. Switch to a general fix that handles the known edge cases and should handle as yet unknown edge cases. Modified: tomcat/tc8.5.x/trunk/ (props changed) tomcat/tc8.5.x/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc8.5.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Aug 21 15:25:31 2017 
svn commit: r1805645 - in /tomcat/trunk: java/org/apache/catalina/loader/WebappClassLoaderBase.java webapps/docs/changelog.xml
Author: markt Date: Mon Aug 21 15:24:42 2017 New Revision: 1805645 URL: http://svn.apache.org/viewvc?rev=1805645=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61424 The trick to avoid the relatively slow ClassNotFoundException has another edge case that can trigger a StackOverflowError. Switch to a general fix that handles the known edge cases and should handle as yet unknown edge cases. Modified: tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java?rev=1805645=1805644=1805645=diff == --- tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java (original) +++ tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java Mon Aug 21 15:24:42 2017 
@@ -1175,8 +1175,14 @@ public abstract class WebappClassLoaderB // https://bz.apache.org/bugzilla/show_bug.cgi?id=58125 for // details) when running under a security manager in rare cases // this call may trigger a ClassCircularityError. +// See https://bz.apache.org/bugzilla/show_bug.cgi?id=61424 for +// details of how this may trigger a StackOverflowError +// Given these reported errors, catch Throwable to ensure any +// other edge cases are also caught tryLoadingFromJavaseLoader = (javaseLoader.getResource(resourceName) != null); -} catch (ClassCircularityError cce) { +} catch (Throwable t) { +// Swallow all exceptions apart from those that must be re-thrown +ExceptionUtils.handleThrowable(t); // The getResource() trick won't work for this class. We have to // try loading it directly and accept that we might get a // ClassNotFoundException. Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1805645=1805644=1805645=diff == --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Mon Aug 21 15:24:42 2017 @@ -64,6 +64,11 @@ warning about not being able to read a logging configuration file when that file does not exist. (markt) + +61424: Avoid a possible StackOverflowError when +running under a SecurityManager and using +Subject.doAs(). (markt) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
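Review bot: the new catch (Throwable t) block in WebappClassLoaderBase discards t after ExceptionUtils.handleThrowable(t) without logging it, so any unexpected failure from javaseLoader.getResource(resourceName) under a SecurityManager now falls through to the direct-load path without leaving a trace. Widening from ClassCircularityError to Throwable is a large jump for code that runs on every class load; a debug-level log of t before the fallback would keep future edge cases diagnosable. The added comment should also state that the fix relies on handleThrowable() not re-throwing StackOverflowError, since that behaviour is not visible in this hunk and the bug only stays fixed while it holds.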
[Bug 61447] New: Link is 404
https://bz.apache.org/bugzilla/show_bug.cgi?id=61447

Bug ID: 61447
Summary: Link is 404
Product: Tomcat 9
Version: 9.0.0.M26
Hardware: PC
URL: https://tomcat.apache.org/download-90.cgi
Status: NEW
Severity: normal
Priority: P2
Component: Documentation
Assignee: dev@tomcat.apache.org
Reporter: apachetomcat.to.dav...@spamgourmet.com
Target Milestone: -

"The requested URL /pub/apache/tomcat/tomcat-9/v9.0.0.M26/bin/apache-tomcat-9.0.0.M26.exe was not found on this server." is returned when trying to download "32-bit/64-bit Windows Service Installer".
[Bug 58244] two way SSL loses client certificate after a few requests
https://bz.apache.org/bugzilla/show_bug.cgi?id=58244

Mark Thomas changed:

What       |Removed |Added
Resolution |---     |FIXED
Status     |NEW     |RESOLVED

--- Comment #17 from Mark Thomas ---
It looks like the OpenSSL behaviour isn't going to change so I've gone ahead and handled this in the Tomcat code.

Fixed in:
- trunk for 9.0.0.M27 onwards
- 8.5.x for 8.5.21 onwards
- 8.0.x for 8.0.47 onwards
- 7.0.x for 7.0.82 onwards
svn commit: r1805640 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/coyote/http11/Http11AprProcessor.java webapps/docs/changelog.xml
Author: markt Date: Mon Aug 21 14:15:37 2017 New Revision: 1805640 URL: http://svn.apache.org/viewvc?rev=1805640=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=58244 Handle the case when OpenSSL resumes a TLS session using a ticket and the full client certificate chain is not available. In this case the client certificate without the chain will be presented to the application. Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc7.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Aug 21 14:15:37 2017 
svn commit: r1805639 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/coyote/http11/Http11AprProcessor.java webapps/docs/changelog.xml webapps/docs/config/http.xml
Author: markt Date: Mon Aug 21 14:11:14 2017 New Revision: 1805639 URL: http://svn.apache.org/viewvc?rev=1805639=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=58244 Handle the case when OpenSSL resumes a TLS session using a ticket and the full client certificate chain is not available. In this case the client certificate without the chain will be presented to the application. Modified: tomcat/tc8.0.x/trunk/ (props changed) tomcat/tc8.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml tomcat/tc8.0.x/trunk/webapps/docs/config/http.xml Propchange: tomcat/tc8.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Aug 21 14:11:14 2017 
svn commit: r1805638 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/tomcat/util/net/AprSSLSupport.java webapps/docs/changelog.xml webapps/docs/config/http.xml
Author: markt Date: Mon Aug 21 14:03:53 2017 New Revision: 1805638 URL: http://svn.apache.org/viewvc?rev=1805638=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=58244 Handle the case when OpenSSL resumes a TLS session using a ticket and the full client certificate chain is not available. In this case the client certificate without the chain will be presented to the application. Modified: tomcat/tc8.5.x/trunk/ (props changed) tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/AprSSLSupport.java tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml tomcat/tc8.5.x/trunk/webapps/docs/config/http.xml Propchange: tomcat/tc8.5.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Aug 21 14:03:53 2017 
svn commit: r1805637 - in /tomcat/trunk: java/org/apache/tomcat/util/net/AprSSLSupport.java webapps/docs/changelog.xml webapps/docs/config/http.xml
Author: markt Date: Mon Aug 21 14:00:32 2017 New Revision: 1805637 URL: http://svn.apache.org/viewvc?rev=1805637=rev Log: Handle the case when OpenSSL resumes a TLS session using a ticket and the full client certificate chain is not available. In this case the client certificate without the chain will be presented to the application. Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprSSLSupport.java tomcat/trunk/webapps/docs/changelog.xml tomcat/trunk/webapps/docs/config/http.xml Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprSSLSupport.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprSSLSupport.java?rev=1805637=1805636=1805637=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/AprSSLSupport.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/AprSSLSupport.java Mon Aug 21 14:00:32 2017 @@ -54,11 +54,17 @@ public class AprSSLSupport implements SS @Override public X509Certificate[] getPeerCertificateChain() throws IOException { try { -// certLength == -1 indicates an error +// certLength == -1 indicates an error unless TLS session tickets +// are in use in which case OpenSSL won't store the chain in the +// ticket. int certLength = socketWrapper.getSSLInfoI(SSL.SSL_INFO_CLIENT_CERT_CHAIN); byte[] clientCert = socketWrapper.getSSLInfoB(SSL.SSL_INFO_CLIENT_CERT); X509Certificate[] certs = null; -if (clientCert != null && certLength > -1) { + +if (clientCert != null) { +if (certLength < 0) { +certLength = 0; +} certs = new X509Certificate[certLength + 1]; CertificateFactory cf; if (clientCertProvider == null) { Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1805637=1805636=1805637=diff == --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Mon Aug 21 14:00:32 2017 
@@ -106,6 +106,12 @@ Ensure that the APR/native connector uses blocking I/O for TLS renegotiation. (markt) + +58244: Handle the case when OpenSSL resumes a TLS session +using a ticket and the full client certificate chain is not available. +In this case the client certificate without the chain will be presented +to the application. (markt) + Modified: tomcat/trunk/webapps/docs/config/http.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=1805637=1805636=1805637=diff == --- tomcat/trunk/webapps/docs/config/http.xml (original) +++ tomcat/trunk/webapps/docs/config/http.xml Mon Aug 21 14:00:32 2017 @@ -1192,8 +1192,12 @@ OpenSSL only. - Disables use of TLS Session Tickets (RFC 4507) if set to - true. Default is false. + Disables use of TLS session tickets (RFC 5077) if set to + true. Default is false. Note that when TLS + session tickets are in use, the full peer certificate chain will only be + available on the first connection. Subsequent connections (that use a + ticket to estrablish the TLS session) will only have the peer certificate, + not the full chain. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
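Review bot: in AprSSLSupport.getPeerCertificateChain() the new "if (certLength < 0) { certLength = 0; }" makes a genuine error from getSSLInfoI(SSL.SSL_INFO_CLIENT_CERT_CHAIN) indistinguishable from the session-ticket case described in the updated comment, because both now return a one-element array holding only the client certificate. The comment still says -1 indicates an error, yet the code no longer treats it as one anywhere. Since callers may base authentication decisions on this array, log at debug level when certLength is negative so that a resumed session can be told apart from a failed chain lookup when someone investigates a missing chain.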
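Review bot: the text added to webapps/docs/config/http.xml contains a typo, "estrablish" should be "establish". The new note tells the reader that resumed connections carry only the peer certificate, but not what to do about it. Please add a sentence saying whether setting this attribute to true is the recommended configuration for applications that need the full chain on every connection.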
[Bug 58263] Crash during TLS handshake
https://bz.apache.org/bugzilla/show_bug.cgi?id=58263

Mark Thomas changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |WONTFIX
             Status|NEW                         |RESOLVED

--- Comment #2 from Mark Thomas ---
It is unlikely that the 1.1.x branch will see any further development. Please switch to the 1.2.x branch. If you still see this problem with the latest 1.2.x release, please open a new issue against 1.2.x and we will investigate.
[Bug 59811] TLS Session ID not available if session tickets are used
https://bz.apache.org/bugzilla/show_bug.cgi?id=59811

Mark Thomas changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #1 from Mark Thomas ---
Digging into RFC 5077, it is very likely that there will be no session ID when session tickets are being used. Therefore, we need to handle this in the Tomcat code.

This was fixed a few weeks ago in r1799701 and r1799703.
[Bug 61422] Feature requests for tc-native based on forked netty-tcnative
https://bz.apache.org/bugzilla/show_bug.cgi?id=61422

Mark Thomas changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 OS|                            |All
             Status|NEW                         |RESOLVED
         Resolution|---                         |WONTFIX

--- Comment #1 from Mark Thomas ---
Please create separate Bugzilla entries for each of these feature requests (where one does not exist already - e.g. bug 58434) and we'll take a look.

Resolving as WONTFIX only because no further action will be taken on this issue. The individual enhancement requests will be looked at on a case by case basis.
[Bug 61210] When using the Security Manager, Tomcat prints warning about a non-existent file
https://bz.apache.org/bugzilla/show_bug.cgi?id=61210

Mark Thomas changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #11 from Mark Thomas ---
It has been a while so I've applied my patch for this.

Fixed in:
- trunk for 9.0.0.M27 onwards
- 8.5.x for 8.5.21 onwards
- 8.0.x for 8.0.47 onwards
svn commit: r1805616 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/loader/ java/org/apache/catalina/security/ java/org/apache/juli/ webapps/docs/
Author: markt Date: Mon Aug 21 09:52:01 2017 New Revision: 1805616 URL: http://svn.apache.org/viewvc?rev=1805616=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61210 When running under a SecurityManager, do not print a warning about not being able to read a logging configuration file when that file does not exist. Modified: tomcat/tc8.0.x/trunk/ (props changed) tomcat/tc8.0.x/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java tomcat/tc8.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java tomcat/tc8.0.x/trunk/java/org/apache/juli/ClassLoaderLogManager.java tomcat/tc8.0.x/trunk/java/org/apache/juli/WebappProperties.java tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc8.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Aug 21 09:52:01 2017 
svn commit: r1805614 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/catalina/loader/ java/org/apache/catalina/security/ java/org/apache/juli/ webapps/docs/
Author: markt Date: Mon Aug 21 09:49:47 2017 New Revision: 1805614 URL: http://svn.apache.org/viewvc?rev=1805614=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61210 When running under a SecurityManager, do not print a warning about not being able to read a logging configuration file when that file does not exist. Modified: tomcat/tc8.5.x/trunk/ (props changed) tomcat/tc8.5.x/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java tomcat/tc8.5.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java tomcat/tc8.5.x/trunk/java/org/apache/juli/ClassLoaderLogManager.java tomcat/tc8.5.x/trunk/java/org/apache/juli/WebappProperties.java tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc8.5.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Aug 21 09:49:47 2017 
svn commit: r1805613 - in /tomcat/trunk: java/org/apache/catalina/loader/ java/org/apache/catalina/security/ java/org/apache/juli/ webapps/docs/
Author: markt Date: Mon Aug 21 09:48:09 2017 New Revision: 1805613 URL: http://svn.apache.org/viewvc?rev=1805613=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61210 When running under a SecurityManager, do not print a warning about not being able to read a logging configuration file when that file does not exist. Modified: tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java tomcat/trunk/java/org/apache/juli/ClassLoaderLogManager.java tomcat/trunk/java/org/apache/juli/WebappProperties.java tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java?rev=1805613=1805612=1805613=diff == --- tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java (original) +++ tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java Mon Aug 21 09:48:09 2017 @@ -2485,4 +2485,24 @@ public abstract class WebappClassLoaderB } return null; } + + +@Override +public boolean hasLoggingConfig() { +if (Globals.IS_SECURITY_ENABLED) { +Boolean result = AccessController.doPrivileged(new PrivilegedHasLoggingConfig()); +return result.booleanValue(); +} else { +return findResource("logging.properties") != null; +} +} + + +private class PrivilegedHasLoggingConfig implements PrivilegedAction { + +@Override +public Boolean run() { +return Boolean.valueOf(findResource("logging.properties") != null); +} +} } Modified: tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java?rev=1805613=1805612=1805613=diff == --- tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java (original) +++ tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java Mon Aug 21 09:48:09 2017 
@@ -74,6 +74,7 @@ public final class SecurityClassLoad { private static final void loadLoaderPackage(ClassLoader loader) throws Exception { final String basePackage = "org.apache.catalina.loader."; loader.loadClass(basePackage + "WebappClassLoaderBase$PrivilegedFindClassByName"); +loader.loadClass(basePackage + "WebappClassLoaderBase$PrivilegedHasLoggingConfig"); } Modified: tomcat/trunk/java/org/apache/juli/ClassLoaderLogManager.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/juli/ClassLoaderLogManager.java?rev=1805613=1805612=1805613=diff == --- tomcat/trunk/java/org/apache/juli/ClassLoaderLogManager.java (original) +++ tomcat/trunk/java/org/apache/juli/ClassLoaderLogManager.java Mon Aug 21 09:48:09 2017 @@ -426,7 +426,11 @@ public class ClassLoaderLogManager exten // Special case for URL classloaders which are used in containers: // only look in the local repositories to avoid redefining loggers 20 times try { -if (classLoader instanceof URLClassLoader) { +if (classLoader instanceof WebappProperties) { +if (((WebappProperties) classLoader).hasLoggingConfig()) { +is = classLoader.getResourceAsStream("logging.properties"); +} +} else if (classLoader instanceof URLClassLoader) { URL logConfig = ((URLClassLoader)classLoader).findResource("logging.properties"); if(null != logConfig) { Modified: tomcat/trunk/java/org/apache/juli/WebappProperties.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/juli/WebappProperties.java?rev=1805613=1805612=1805613=diff == --- tomcat/trunk/java/org/apache/juli/WebappProperties.java (original) +++ tomcat/trunk/java/org/apache/juli/WebappProperties.java Mon Aug 21 09:48:09 2017 
@@ -51,4 +51,15 @@ public interface WebappProperties { * null if none is available. */ String getServiceName(); + +/** + * Enables JULI to determine if the web application includes a local + * configuration without JULI having to look for the file which it may not + * have permission to do when running under a SecurityManager. + * + * @return {@code true} if the web application includes a logging + * configuration at the standard location of + * /WEB-INF/classes/logging.properties. + */ +boolean hasLoggingConfig(); } Modified: tomcat/trunk/webapps/docs/changelog.xml
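Review bot: In ClassLoaderLogManager the new WebappProperties branch tests for the file with hasLoggingConfig(), which is implemented with findResource("logging.properties"), but then opens it with classLoader.getResourceAsStream("logging.properties"), which is a general class loader lookup rather than a local-only one. The check and the read can therefore resolve to different locations, which is what the "only look in the local repositories" comment just above this code is trying to avoid, and which the URLClassLoader branch handles by opening the URL that findResource returned. Consider having the privileged lookup hand back the resource it found so that the stream is opened from the same place, or add a comment explaining why the delegated lookup is acceptable here.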
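Review bot: Adding the abstract method `boolean hasLoggingConfig();` to the public WebappProperties interface breaks any class loader outside this tree that implements the interface, and the only implementation updated in this patch is WebappClassLoaderBase. Where the Java level of the branch allows it, a default method returning a conservative value would keep such implementations working; otherwise the interface change should be called out in the changelog entry. The Javadoc is clear about the SecurityManager motivation, but it should also state that implementations must not throw when the caller lacks file permissions, since that is the contract ClassLoaderLogManager now relies on.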
svn commit: r1805612 - in /tomcat/trunk: java/org/apache/tomcat/util/net/openssl/OpenSSLConf.java test/org/apache/tomcat/util/net/TesterSupport.java
Author: markt Date: Mon Aug 21 09:44:16 2017 New Revision: 1805612 URL: http://svn.apache.org/viewvc?rev=1805612=rev Log: Fix IDE nags Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLConf.java tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLConf.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLConf.java?rev=1805612=1805611=1805612=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLConf.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLConf.java Mon Aug 21 09:44:16 2017 @@ -29,7 +29,7 @@ public class OpenSSLConf { private static final Log log = LogFactory.getLog(OpenSSLConf.class); private static final StringManager sm = StringManager.getManager(OpenSSLConf.class); -private final List commands = new ArrayList(); +private final List commands = new ArrayList<>(); public void addCmd(OpenSSLConfCmd cmd) { commands.add(cmd); @@ -65,10 +65,12 @@ public class OpenSSLConf { return false; } if (rc <= 0) { -log.error(sm.getString("opensslconf.failedCommand", name, value, rc)); +log.error(sm.getString("opensslconf.failedCommand", name, value, +Integer.toString(rc))); result = false; } else if (log.isDebugEnabled()) { -log.debug(sm.getString("opensslconf.resultCommand", name, value, rc)); +log.debug(sm.getString("opensslconf.resultCommand", name, value, +Integer.toString(rc))); } } if (!result) { @@ -110,10 +112,12 @@ public class OpenSSLConf { return false; } if (rc <= 0) { -log.error(sm.getString("opensslconf.failedCommand", name, value, rc)); +log.error(sm.getString("opensslconf.failedCommand", name, value, +Integer.toString(rc))); result = false; } else if (log.isDebugEnabled()) { -log.debug(sm.getString("opensslconf.resultCommand", name, value, rc)); +log.debug(sm.getString("opensslconf.resultCommand", name, value, +Integer.toString(rc))); } } try { 
@@ -124,7 +128,7 @@ public class OpenSSLConf { return false; } if (rc <= 0) { -log.error(sm.getString("opensslconf.finishFailed", rc)); +log.error(sm.getString("opensslconf.finishFailed", Integer.toString(rc))); result = false; } if (!result) { Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java?rev=1805612=1805611=1805612=diff == --- tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java (original) +++ tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java Mon Aug 21 09:44:16 2017 @@ -253,8 +253,8 @@ public final class TesterSupport { return clientAuthExpectedIssuer; } -protected static void trackTrackingKeyManagers(KeyManager wrapper, KeyManager wrapped, - String usage, Principal[] issuers) { +protected static void trackTrackingKeyManagers(@SuppressWarnings("unused") KeyManager wrapper, +@SuppressWarnings("unused") KeyManager wrapped, String usage, Principal[] issuers) { lastUsage = usage; lastRequestedIssuers = issuers; } @@ -268,7 +268,7 @@ public final class TesterSupport { } protected static Principal getLastClientAuthRequestedIssuer(int index) { -return lastRequestedIssuers[0]; +return lastRequestedIssuers[index]; } protected static boolean checkLastClientAuthRequestedIssuers() { - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
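Review bot: In TesterSupport.getLastClientAuthRequestedIssuer(int index) the change from `lastRequestedIssuers[0]` to `lastRequestedIssuers[index]` is a behaviour fix, not an IDE nag, and should be mentioned in the log message: until now every caller was handed the first issuer whatever index it passed, so any test that asserted on a later issuer was not checking what it appeared to check. The method still indexes the array without a null or bounds check, so if the array has not been populated by trackTrackingKeyManagers() or is shorter than index the test fails with an exception rather than a clear assertion message; a guard or an explicit assertion in the caller would make such failures easier to read.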
[Bug 61415] SSL protocol error with Chrome, client certificates and OpenSSL/NIO in Tomcat 8.5
https://bz.apache.org/bugzilla/show_bug.cgi?id=61415

Mark Thomas changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 OS|                            |All

--- Comment #1 from Mark Thomas ---
I can reproduce this with the latest tomcat-native and 9.0.x.

I also see a JVM crash when shutting down Tomcat after this error.

My guess at this point is that Tomcat isn't handling an I/O error during the initial handshake correctly.

While the error is easily repeatable, tracking it down is going to be a little tricky because the timing is uncertain. I'm currently investigating tools to make finding this (and similar bugs) a little easier.
svn commit: r1805607 - in /tomcat/site/trunk/docs/native-doc: index.html news/2008.html news/2009.html news/2010.html news/2011.html news/2012.html news/2013.html news/2014.html news/2015.html news/20
Author: markt Date: Mon Aug 21 08:32:53 2017 New Revision: 1805607 URL: http://svn.apache.org/viewvc?rev=1805607=rev Log: Belatedly update site for 1.2.12 release Added: tomcat/site/trunk/docs/native-doc/news/2017.html (with props) Modified: tomcat/site/trunk/docs/native-doc/index.html tomcat/site/trunk/docs/native-doc/news/2008.html tomcat/site/trunk/docs/native-doc/news/2009.html tomcat/site/trunk/docs/native-doc/news/2010.html tomcat/site/trunk/docs/native-doc/news/2011.html tomcat/site/trunk/docs/native-doc/news/2012.html tomcat/site/trunk/docs/native-doc/news/2013.html tomcat/site/trunk/docs/native-doc/news/2014.html tomcat/site/trunk/docs/native-doc/news/2015.html tomcat/site/trunk/docs/native-doc/news/2016.html Modified: tomcat/site/trunk/docs/native-doc/index.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/native-doc/index.html?rev=1805607=1805606=1805607=diff == --- tomcat/site/trunk/docs/native-doc/index.html (original) +++ tomcat/site/trunk/docs/native-doc/index.html Mon Aug 21 08:32:53 2017 @@ -1,5 +1,5 @@ -Apache Tomcat Native Library - Documentation Indexhttp://tomcat.apache.org/;>http://www.apache.org/; target="_blank">Apache Tomcat Native LibraryLinksDocs HomeMiscellaneous DocumentationChangelogNews201620152014201320122011201020092008Documentation IndexIntroduction +Apache Tomcat Native Library - Documentation Indexhttp://tomcat.apache.org/;>http://www.apache.org/; target="_blank">Apache Tomcat Native LibraryLinksDocs HomeMiscellaneous DocumentationChangelogNews2017201620152014201320122011201020092008Documentation IndexIntroduction The Apache Tomcat Native Library is an optional component for use with 
@@ -32,16 +32,16 @@ manual is described in more detail below Headlines -5 October 2016 - TC-Native-1.2.10 +26 June 2017 - TC-Native-1.2.12 released The Apache Tomcat team is proud to announce the immediate availability of -Tomcat Native 1.2.10 Stable. +Tomcat Native 1.2.12 Stable. The sources and the binaries for selected platforms are available from the Download page. -Please see the ChangeLog for a full +Please see the Changelog for a full list of changes. @@ -156,10 +156,12 @@ Feb 8, 2015 12:27:41 PM org.apache.catal INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. Feb 8, 2015 12:27:41 PM org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-8080 + Refer to the tomcat documentation to configure the connectors -(See http://tomcat.apache.org/tomcat-8.0-doc/apr.html;>Tomcat 8.0.x, -http://tomcat.apache.org/tomcat-7.0-doc/apr.html;>Tomcat 7.0.x +(See http://tomcat.apache.org/tomcat-8.5-doc/apr.html;>Tomcat 8.5.x, +http://tomcat.apache.org/tomcat-8.0-doc/apr.html;>Tomcat 8.0.x, +http://tomcat.apache.org/tomcat-7.0-doc/apr.html;>Tomcat 7.0.x, and http://tomcat.apache.org/tomcat-6.0-doc/apr.html;>Tomcat 6.0.x) Modified: tomcat/site/trunk/docs/native-doc/news/2008.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/native-doc/news/2008.html?rev=1805607=1805606=1805607=diff == --- tomcat/site/trunk/docs/native-doc/news/2008.html (original) +++ tomcat/site/trunk/docs/native-doc/news/2008.html Mon Aug 21 08:32:53 2017 
@@ -1,5 +1,5 @@ -The Apache Tomcat Native - News - 2008 News and Statushttp://tomcat.apache.org/;>http://www.apache.org/; target="_blank">The Apache Tomcat Native - NewsLinksDocs Home Miscellaneous DocumentationChangelogNews2016201520142013201220112010200920082008 News and Status2008 News Status +The Apache Tomcat Native - News - 2008 News and Statushttp://tomcat.apache.org/;>http://www.apache.org/; target="_blank">The Apache Tomcat Native - NewsLinksDocs Home Miscellaneous DocumentationChangelogNews20172016201520142013201220112010200920082008 News and Status2008 News Status 18 November - TC-Native-1.1.16 released The Apache Tomcat team is proud to announce the immediate availability of Tomcat Native 1.1.16. This is a stable release adding some bug fixes. Modified: tomcat/site/trunk/docs/native-doc/news/2009.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/native-doc/news/2009.html?rev=1805607=1805606=1805607=diff == --- tomcat/site/trunk/docs/native-doc/news/2009.html (original) +++ tomcat/site/trunk/docs/native-doc/news/2009.html Mon Aug 21 08:32:53 2017 @@ -1,5 +1,5 @@ -The Apache Tomcat Native - News - 2009 News and Statushttp://tomcat.apache.org/;>http://www.apache.org/; target="_blank">The Apache Tomcat Native - NewsLinksDocs Home Miscellaneous DocumentationChangelogNews2016201520142013201220112010200920082009 News and Status2009 News Status +The Apache Tomcat Native - News -
svn commit: r1805606 - in /tomcat/native/trunk: native/src/sslnetwork.c xdocs/miscellaneous/changelog.xml
Author: markt Date: Mon Aug 21 08:22:17 2017 New Revision: 1805606 URL: http://svn.apache.org/viewvc?rev=1805606=rev Log: Fix renegotiation to obtain a client certificate from a user agent. Modified: tomcat/native/trunk/native/src/sslnetwork.c tomcat/native/trunk/xdocs/miscellaneous/changelog.xml Modified: tomcat/native/trunk/native/src/sslnetwork.c URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslnetwork.c?rev=1805606=1805605=1805606=diff == --- tomcat/native/trunk/native/src/sslnetwork.c (original) +++ tomcat/native/trunk/native/src/sslnetwork.c Mon Aug 21 08:22:17 2017 @@ -365,13 +365,12 @@ TCN_IMPLEMENT_CALL(jint, SSLSocket, hand * Check for failed client authentication */ if (con->ctx->verify_mode != SSL_VERIFY_NONE && - (vr = SSL_get_verify_result(con->ssl)) != X509_V_OK) { +(vr = SSL_get_verify_result(con->ssl)) != X509_V_OK) { if (SSL_VERIFY_ERROR_IS_OPTIONAL(vr) && -con->ctx->verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA) { +con->ctx->verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA) { /* TODO: Log optionalNoCA */ -} -else { +} else { /* TODO: Log SSL client authentication failed */ con->shutdown_type = SSL_SHUTDOWN_TYPE_UNCLEAN; /* TODO: Figure out the correct return value */ @@ -623,7 +622,9 @@ TCN_IMPLEMENT_CALL(jint, SSLSocket, rene tcn_socket_t *s = J2P(sock, tcn_socket_t *); tcn_ssl_conn_t *con; int retVal; +int error = 0; char peekbuf[1]; +apr_interval_time_t timeout; UNREFERENCED_STDARGS; TCN_ASSERT(sock != 0); 
@@ -633,28 +634,59 @@ TCN_IMPLEMENT_CALL(jint, SSLSocket, rene * handshake to proceed. */ con->reneg_state = RENEG_ALLOW; -retVal = SSL_renegotiate(con->ssl); -if (retVal <= 0) -return APR_EGENERAL; -retVal = SSL_do_handshake(con->ssl); +// Schedule a renegotiation request +retVal = SSL_renegotiate(con->ssl); if (retVal <= 0) return APR_EGENERAL; -if (!SSL_is_init_finished(con->ssl)) { -return APR_EGENERAL; -} -/* Need to trigger renegotiation handshake by reading. +/* Need to trigger the renegotiation handshake by reading. * Peeking 0 bytes actually works. * See: http://marc.info/?t=14549335922=1=2 + * + * This will normally return SSL_ERROR_WANT_READ whether the renegotiation + * has been completed or not. Afterwards, need to determine if I/O needs to + * be triggered or not. */ -SSL_peek(con->ssl, peekbuf, 0); +retVal = SSL_peek(con->ssl, peekbuf, 0); +if (retVal < 1) { +error = SSL_get_error(con->ssl, retVal); +} -con->reneg_state = RENEG_REJECT; +apr_socket_timeout_get(con->sock, ); +// If the renegotiation is still pending, then I/O needs to be triggered +while (SSL_renegotiate_pending(con->ssl)) { +// SSL_ERROR_WANT_READ is expected. Anything else is an error. +if (error == SSL_ERROR_WANT_READ) { +retVal = wait_for_io_or_timeout(con, error, timeout); +/* + * Since this is blocking I/O, anything other than APR_SUCCESS is an + * error. + */ +if (retVal != APR_SUCCESS) { +printf("ERROR\n"); +con->shutdown_type = SSL_SHUTDOWN_TYPE_UNCLEAN; +return retVal; +} +} else { +return APR_EGENERAL; +} -if (!SSL_is_init_finished(con->ssl)) { -return APR_EGENERAL; +// Re-try SSL_peek after I/O +retVal = SSL_peek(con->ssl, peekbuf, 0); +if (retVal < 1) { +error = SSL_get_error(con->ssl, retVal); +} else { +/* + * Reset error to handle case where SSL_Peek returns 0 but + * SSL_renegotiate_pending returns true. This will trigger an error + * to be returned. 
+ */ +error = 0; +} } + +con->reneg_state = RENEG_REJECT; return APR_SUCCESS; } Modified: tomcat/native/trunk/xdocs/miscellaneous/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/native/trunk/xdocs/miscellaneous/changelog.xml?rev=1805606=1805605=1805606=diff == --- tomcat/native/trunk/xdocs/miscellaneous/changelog.xml (original) +++ tomcat/native/trunk/xdocs/miscellaneous/changelog.xml Mon Aug 21 08:22:17 2017 @@ -50,6 +50,10 @@ Fix an error not announcing the correct CA list for client certificates during TLS handshake. (rjung) + + Fix renegotiation to obtain a client certificate from a user agent. + (markt) +
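Review bot: In the rewritten renegotiate call in sslnetwork.c, `con->reneg_state = RENEG_REJECT;` is now reached only on the success path just before `return APR_SUCCESS;`, so every early return (the `retVal <= 0` check after SSL_renegotiate, the `return retVal;` after wait_for_io_or_timeout and the `return APR_EGENERAL;` in the else branch) leaves the connection in RENEG_ALLOW. Reset the state before each error return, or route the exits through a single cleanup point, so that a failed server-initiated renegotiation does not leave renegotiation permitted on that connection. In the same loop, `printf("ERROR\n");` looks like leftover debugging and should be removed or replaced with the module's own error reporting, and only the timeout branch sets shutdown_type to SSL_SHUTDOWN_TYPE_UNCLEAN while the else branch returns without doing so. The new `//` comments also differ from the `/* */` style used in the surrounding code.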
svn commit: r1805605 - in /tomcat/trunk: java/org/apache/tomcat/util/net/AprEndpoint.java webapps/docs/changelog.xml
Author: markt Date: Mon Aug 21 08:20:06 2017 New Revision: 1805605 URL: http://svn.apache.org/viewvc?rev=1805605=rev Log: Ensure that the APR/native connector uses blocking I/O for TLS renegotiation. Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1805605=1805604=1805605=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Mon Aug 21 08:20:06 2017 
@@ -2835,10 +2835,50 @@ public class AprEndpoint extends Abstrac @Override public void doClientAuth(SSLSupport sslSupport) throws IOException { long socket = getSocket().longValue(); -// Configure connection to require a certificate +// Configure connection to require a certificate. This requires a +// re-handshake and must block until the re-handshake completes. +// Therefore, make sure socket is in blocking mode. +Lock readLock = getBlockingStatusReadLock(); +WriteLock writeLock = getBlockingStatusWriteLock(); +boolean renegotiateDone = false; try { -SSLSocket.setVerify(socket, SSL.SSL_CVERIFY_REQUIRE, -1); -SSLSocket.renegotiate(socket); +readLock.lock(); +try { +if (getBlockingStatus()) { +Socket.timeoutSet(getSocket().longValue(), getReadTimeout() * 1000); + +SSLSocket.setVerify(socket, SSL.SSL_CVERIFY_REQUIRE, -1); +SSLSocket.renegotiate(socket); + +renegotiateDone = true; +} +} finally { +readLock.unlock(); +} + +if (!renegotiateDone) { +writeLock.lock(); +try { +// Set the current settings for this socket +setBlockingStatus(true); +Socket.timeoutSet(getSocket().longValue(), getReadTimeout() * 1000); +// Downgrade the lock +readLock.lock(); +try { +writeLock.unlock(); +SSLSocket.setVerify(socket, SSL.SSL_CVERIFY_REQUIRE, -1); +SSLSocket.renegotiate(socket); +} finally { +readLock.unlock(); +} +} finally { +// Should have been released above but may not have been on some +// exception paths +if (writeLock.isHeldByCurrentThread()) { +writeLock.unlock(); +} +} +} } catch (Throwable t) { ExceptionUtils.handleThrowable(t); throw new IOException(sm.getString("socket.sslreneg"), t); Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1805605=1805604=1805605=diff == --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Mon Aug 21 08:20:06 2017 
@@ -97,6 +97,10 @@ Fix possible race condition when setting IO listeners on an upgraded connection. (remm) + +Ensure that the APR/native connector uses blocking I/O for TLS +renegotiation. (markt) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
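Review bot: In AprEndpoint doClientAuth() the pair `SSLSocket.setVerify(socket, SSL.SSL_CVERIFY_REQUIRE, -1);` and `SSLSocket.renegotiate(socket);` now appears twice, once under the read lock and once after the lock downgrade, so the two paths can drift apart the next time one of them is edited. Pulling the pair, together with the Socket.timeoutSet call, into a small private helper would keep the certificate requirement and the renegotiation in one place. The timeout calls also use getSocket().longValue() although the local `socket` already holds that value, and neither the blocking status nor the socket timeout changed here is restored afterwards; if that is intentional, a short comment saying so would save the next reader from checking.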